Eggs and baskets

On the one hand, regulators want to be able to easily see all the data about stock trades. On the other, if you put all the important information in one place, hackers might go after it. What’s a body to do?

“Exchanges Seek Database Delay, Citing Security,” The Wall Street Journal, November 15, 2017, B18. The NYSE and others asked the SEC to delay the start of a new database of sensitive trading information so that they can enhance its security, by adding a CISO, for example.

The SEC hasn’t been a positive model for computer security, and industry has had a few oopsies as well.  How does one balance ease of regulatory enforcement and security?  Which one is more important?  Who’s responsible/liable if there’s an oops?

 
